I follow the use of ACLs and policy-class lists. I've set up NAT when an ISP provides a range of IP addresses. A Netvanta 1335 is equipped with Switchports, no ETH interfaces. I've typically assigned the ISP's addrs to a VLAN interface.
interface vlan 99
description Internet connection
ip address 174.140.88.64 255.255.255.0
ip ffe
ip address range 174.140.88.143 174.140.88.145 255.255.255.0 secondary
ip address range 174.140.88.215 174.140.88.220 255.255.255.0 secondary
ip access-policy InetInPolicy
crypto map VPN
ip route-cache express
no shutdown
!
I do not understand why you used address 1.1.1.66 - 68 and assigned them to a loopback interface. Do these represent a range of IP addrs assigned by the ISP that are different than the network address assigned by the ISP to the WAN interface?
Is the loop interface required because the router has ETH interfaces to the Internet?
I would also like an explanation of the use of the null route. The addresses 1.1.1.66 to 68 are public IP addrs, correct?
A route on the Internet is going to direct traffic to these IPs via the WAN IP addr, 144.x.x.2, correct?
Does the use of the null route negate the need to include these IP addrs as secondary on one of the Interfaces?
bcrinehart wrote:
!
I do not understand why you used address 1.1.1.66 - 68 and assigned them to a loopback interface. Do these represent a range of IP addrs assigned by the ISP that are different than the network address assigned by the ISP to the WAN interface?
Is the loop interface required because the router has ETH interfaces to the Internet?
I think this is a scenario where the provider's WAN IP of 144.x.x.2 is the point-to-point link and 1.1.1.x is the LAN block routed by the ISP. Rather than null-route the extras, he could have used a netmask on the loopback to encompass all of the routed LAN addresses.
interface loop 1
ip address 1.1.1.64 255.255.255.248
would probably have been a better choice than the null-routes.
I would also like an explanation of the use of the null route. The addresses 1.1.1.66 to 68 are public IP addrs, correct?
A route on the Internet is going to direct traffic to these IPs via the WAN IP addr, 144.x.x.2, correct?
Does the use of the null route negate the need to include these IP addrs as secondary on one of the Interfaces?
They're public now but probably weren't assigned in 2012 when the original was posted. Actually 1.0.0.0/8 is public but 1.1.1.0/24 and 1.2.3.0/24 are pretty much unusable due to examples such as these and are assigned to Google for research. He probably should have used RFC 5737 space such as 192.0.2.0/24, 198.51.100.0/24 or 203.0.113.0/24 in his example. RFC 5737 - IPv4 Address Blocks Reserved for Documentation
Note that this post is from June 2012 and has had no replies for nearly three years.
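The reply's two points, as an added example that is not part of the thread or any poster's code: it checks which addresses a configured netmask already covers (the 255.255.255.248 loopback in place of per-address null routes) and lists the addresses outside documentation space that would be swapped out before a config is posted. The parser handles only the `interface` and `ip address` line forms shown in this thread, and treating RFC 1918 space as safe to post is an assumption.

```python
import ipaddress
import re

# Address space that is safe to show publicly: the RFC 5737 documentation
# blocks named in the reply, plus RFC 1918 private space (an assumption).
SAFE = [ipaddress.ip_network(n) for n in (
    "192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24",
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

QUAD = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Interface lines as they appear in the thread, joined into one sample.
SAMPLE = """\
interface loop 1
 ip address 1.1.1.64 255.255.255.248
!
interface vlan 99
 ip address 174.140.88.64 255.255.255.0
 ip address range 174.140.88.143 174.140.88.145 255.255.255.0 secondary
!
"""

def parse(config):
    """Return [(interface, [addresses], network)] for each 'ip address' line."""
    out, iface = [], None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["interface"]:
            iface = " ".join(words[1:])
        elif words[:2] == ["ip", "address"] and iface:
            quads = [w for w in words if QUAD.match(w)]
            if len(quads) < 2:
                continue
            *addrs, mask = quads  # the last dotted quad is the netmask
            net = ipaddress.ip_network(f"{addrs[0]}/{mask}", strict=False)
            out.append((iface, [ipaddress.ip_address(a) for a in addrs], net))
    return out

def covering_interface(config, address):
    """Name the interface whose configured netmask already includes address."""
    ip = ipaddress.ip_address(address)
    for iface, _, net in parse(config):
        if ip in net:
            return iface
    return None

def unsanitized(config):
    """Configured addresses outside SAFE space, to replace before posting."""
    found = {a for _, addrs, _ in parse(config) for a in addrs
             if not any(a in n for n in SAFE)}
    return [str(a) for a in sorted(found)]
```
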